FROM node:20-alpine

WORKDIR /app

# 安装必要的系统依赖
RUN apk add --no-cache curl

# 设置工作目录权限
RUN chown -R node:node /app

# 切换到非 root 用户
USER node

COPY --chown=node:node package*.json ./
RUN npm install && \
    npm install jimp mqtt

COPY --chown=node:node . .
RUN npm run build

EXPOSE 3001

HEALTHCHECK CMD curl -f http://localhost:3001/api/health || exit 1

CMD ["npm", "start"]